Gentoo Bug 234088 - www-servers/apache < 2.2.9-r1 xss in mod_proxy_ftp (CVE-2008-2939)

First Last Prev Next No search results available Search page Enter new bug

Bug#:	234088
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Hanno Boeck <hanno@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 234088 depends on:			Show dependency tree
Bug 234088 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2008-08-06 13:59 0000

see subject, will probably not get a new apache release.

Patch:
http://svn.apache.org/viewvc?view=rev&revision=682870

------- Comment #1 From Robert Buchholz 2008-08-15 10:46:28 0000 -------

CVE-2008-2939 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2939):
  Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp
  module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp
  module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to
  inject arbitrary web script or HTML via wildcards in a pathname in an FTP
URI.

------- Comment #2 From Benedikt Böhm 2008-08-29 13:31:06 0000 -------

2.2.9-r1 in cvs

------- Comment #3 From Robert Buchholz 2008-08-30 12:52:04 0000 -------

Arches, please test and mark stable:
=www-servers/apache-2.2.9-r1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"

------- Comment #4 From Markus Meier 2008-08-30 15:21:05 0000 -------

amd64/x86 stable

------- Comment #5 From Friedrich Oslage 2008-08-30 15:24:58 0000 -------

sparc stable

------- Comment #6 From Raúl Porcel 2008-08-30 16:53:03 0000 -------

alpha/ia64 stable

------- Comment #7 From Tobias Scherbaum 2008-08-31 15:53:09 0000 -------

ppc stable

------- Comment #8 From Markus Rothe 2008-09-01 06:49:39 0000 -------

ppc64 stable

------- Comment #9 From Jeroen Roovers 2008-09-03 21:33:20 0000 -------

Stable for HPPA.

------- Comment #10 From Robert Buchholz 2008-09-14 11:31:53 0000 -------

it's a vote. I vote NO.

------- Comment #11 From Pierre-Yves Rofes 2008-09-14 17:19:38 0000 -------

no too, and closing.

First Last Prev Next No search results available Search page Enter new bug

Bugzilla Bug 234088

www-servers/apache < 2.2.9-r1 xss in mod_proxy_ftp (CVE-2008-2939)

Last modified: 2008-09-14 17:19:38 0000